Chat Log
00:07:01 Craig Anderson, PCM (Detroit via VT): I thought this whole time it was 2020 Part Deux
00:07:07 Isaac Grover: NO. I do not accept this as the final call. I will see you next Friday, same time, same place.
00:10:51 Isaac Grover: @Daniel - how was your sold MSP valued? We're not in a position to sell, but curious so that we know how to build ours to be sold?
00:13:54 Jared Belcher: So you're saying I learned from a cheater?! :)
00:14:36 Rob Danser: hahaha most def
00:17:16 Bill Taylor: Document everything you do so you can create a training program in the future without making it a huge project :)
00:20:29 Jennifer Berry: I do that all the time
00:20:41 Jennifer Berry: that's something I fight with a lot is not letting great get in the way of good
00:23:00 Jeroen Potters | PIT Pro: Sounds great Kyle
00:23:29 DanielBuchanan: Thank you all so much! Very helpful!
00:24:20 Bill Taylor: Very good idea
00:24:35 Bill Taylor: Every company should do that at least with security questions
00:25:06 Mark Lecher: I'd be curious to know how people handle asset management - especially for larger remote clients. We are using configurations in ConnectWise but I'd be interested in learning about potential ways to improve. Biggest issue I see is with tracking spare devices - not easy way to track that by default in CW.
00:25:50 Jorge: https://snipeitapp.com/
00:26:35 Jorge: Log4Shell is the "branded" name
00:26:35 Mark Lecher: @ Jorge - I'm a little familiar with that. Does it integrate with ConnectWise by chance?
00:27:00 DanielBuchanan: Seems like a way to show the value in 3rd party app patching!
00:27:40 Jared Belcher: Same - our IR team is on top of it. Using CyberCNS and Kaseya and everything else to track down vulnerable machines and getting them patched.
00:27:50 Jennifer Berry: same here
00:27:59 Bob Tukin: We made all Log4J tickets client facing asap.
00:28:09 Isaac Grover: @Mark - SnipeIT, we don't integrate with our RMM (N-Able), just do quarterly audits.
00:28:55 Jared Belcher: @Mark We have tiered sites in Kaseya and spare devices get a .spare location added to them. It's not perfect but it helps
00:29:29 Blake Taravella: RocketCyber has a Log4j Detector that is pretty helpful for indentifying exposure.
00:29:57 Isaac Grover: @Bob - how many clients? We have 80+ clients and did audits of all their internal and cloud environments, and only communicated to clients who had Log4j in use anywhere.
00:30:01 Jared Belcher: CyberCNS has log4j listed as a vulnerability so you can scan for it with that as well.
00:30:09 Craig Anderson, PCM (Detroit via VT): @blake got a link to that?
00:31:30 Bill Taylor: https://members.trumethods.com/step/developing-your-incident-response-plan/
00:31:52 Bob Tukin: @Isaac my team had 12 affected clients.
00:32:24 Bill Taylor: www.trumethods.com/cybercall
00:32:47 Isaac Grover: @Jorge - CISA, good idea. We use Reddit. LOL
00:32:57 Bob Tukin: PowerChute was a big one for us
00:32:57 Jorge: https://www.cisa.govhttps://www.bleepingcomputer.com//uscert/
00:33:03 David Westgate: https://www.cyberdrain.com/
00:33:16 DanielBuchanan: /r/msp
00:33:20 DanielBuchanan: /r/sysadmin
00:33:22 Jorge: https://threatpost.com/
00:33:41 AaronHodinh: https://log4shell.huntress.com/
00:34:55 Bill Taylor: Building IR Plan: https://members.trumethods.com/step/building-an-incident-response-plan/
00:35:04 Bill Taylor: Other one was "Developing your IR Plan"
00:35:42 Neil Murray: The SANS newsletters are decent: https://www.sans.org/newsletters
00:38:04 Jennifer Berry: We've always struggled with that
00:38:35 Craig Anderson, PCM (Detroit via VT): yeah my answer is more inline with Jorges
00:39:06 Kyle: InTune has been a game changer, especially with clients on iOS devices
00:40:21 Augusto Sandino: Whats it called
00:40:50 Jorge: https://snipeitapp.com/
00:40:59 Augusto Sandino: Thank you
00:41:15 Bill Taylor: Are there questions to check this in the alignment process?
00:41:43 Jorge: yes, but for us those questions tend to be the "frequent 'no'"
00:41:43 Jared Belcher: We have a ticket generated when a computer is offline for more than 30 days to help us encourage them to get it online and keep it updated
00:42:04 Kyle: We call that “Hot” vs “Cold” Spare, cold spares are the hardest to keep track of
00:42:11 Jennifer Berry: same
00:42:32 Craig Anderson, PCM (Detroit via VT): https://snipeitapp.com/ right?
00:42:41 Craig Anderson, PCM (Detroit via VT): oh yeah you already reposted
00:42:44 Craig Anderson, PCM (Detroit via VT): nvm
00:43:02 Jeroen Potters | PIT Pro: https://www.watchmanmonitoring.com
00:45:48 Isaac Grover: I want to turn SnipeIT mentions in this chat into a drinking game...
00:45:54 Augusto Sandino: How is the money attached
00:46:39 Bradley Reid: Liongard is great
00:48:01 Augusto Sandino: Yes
00:48:22 Augusto Sandino: Yes i see
00:48:25 Augusto Sandino: Ok
00:48:28 Augusto Sandino: Thank you
00:49:38 Craig Anderson, PCM (Detroit via VT): anybody from the OG who remember hen there were MAYBE like 8 people on?
00:50:32 Jorge: Somewhat. I am .5 vCIO, .5 operations. Which means I largely end up leading the tech team